adopt-a-street/backend/middleware/socketAuth.js

const jwt = require("jsonwebtoken");

/**
 * Socket.IO Authentication Middleware
 * Verifies JWT token before allowing socket connections
 */
const socketAuth = (socket, next) => {
  try {
    // Get token from handshake auth or query
    const token =
      socket.handshake.auth.token || socket.handshake.query.token;

    if (!token) {
      return next(new Error("Authentication error: No token provided"));
    }

    // Verify token
    const decoded = jwt.verify(token, process.env.JWT_SECRET);

    // Attach user data to socket
    socket.user = decoded.user;

    next();
  } catch (err) {
    console.error("Socket authentication error:", err.message);
    return next(new Error("Authentication error: Invalid token"));
  }
};

module.exports = socketAuth;